- 77 - 

S05P0026 

CLAIMS 

1. A data communication apparatus having a memory space, 
the data communication apparatus managing the memory space 
by separating the memory space into one or more file systems, 
the apparatus comprising: 

controlling means for holding a separating authority 
key and managing the access to the file system in the memory 
space ; and 

a first file system allocated to a first service 
provider in the memory space, the first file system holding 
an issuer key of the first service provider; 

wherein, upon receiving, from a second service provider 
requesting an allocation of a new file system, a separate 
package generated by encrypting, using the issuer key of the 
first service provider, a data block containing a separate 
element package generated by encrypting an issuer key of the 
second service provider using the separating authority key 
and information on the new file system, the first file 
system decrypts the received separate package using the 
issuer key of the first service provider and retrieves the 
separate element package and the information on the new file 
system, and wherein the controlling means decrypts the 
separate element package using the separating authority key, 
retrieves the issuer key of the second service provider, 
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separates a free area of the memory space in accordance with 
the information on the new file system, and allocates the 
separated memory area to a second file system holding the 
issuer key of the second service provider. 

2. The data communication apparatus according to Claim 1, 
wherein each of the file systems in the memory space has 
area identification information, and wherein, upon receiving 
an external access having the area identification 
information on a file system to be accessed and a package 
encrypted using the issuer key of the file system in the 
form of arguments of the external access, the controlling 
means delivers the package to the corresponding file system 
on the basis of the area identification information, and 
wherein the file system decrypts the package using the 
issuer key of the file system. 

3. The data communication apparatus according to Claim 2, 
wherein each of the allocated file systems in the memory 
space has a system code, and wherein, when separating a new 
file system in response to the reception of the separate 
package, the controlling means sets the system code of the 
file system together with the issuer code and the area 
identification information. 
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4. The data communication apparatus according to Claim 3, 
wherein, when the service provider issues a request for 
acquiring area identification information using the system 
code of the service provider as an argument of the request 
after acquiring the file system, the controlling means 
performs polling on each of the file systems on the basis of 
the system code in the request to acquire the area 
identification information from the corresponding file 
system and returns the acquired area identification 
information to the requester. 

5. The data communication apparatus according to Claim 3, 
wherein, in response to a request from the second service 
provider after the second service provider has acquired the 
file system, the controlling means rewrites the issuer key 
and the system code set in the second file system at the 
separating time. 

6. The data communication apparatus according to Claim 1, 
wherein each of the file systems in the memory space has 
area identification information, and wherein, upon receiving, 
from the service provider after the service provider has 
acquired the file system, an external access having the area 
identification information and a package of an access 
request to the file system encrypted using the issuer key of 
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the service provider in the form of arguments of the 
external access, the controlling means delivers the 
encrypted package to the corresponding file system on the 
basis of the area identification information. 

7. A method for managing a memory of a data communication 
apparatus, the data communication apparatus having a memory 
space and managing the memory space by separating the memory 
space into one or more file systems, wherein a separating 
authority key for authenticating authority to separate the 
file system and a first file system for authenticating 
access authority using an issuer key of a first service 
provider are provided in the memory space, the method 
comprising the steps of: 

receiving, from a second service provider requesting an 
allocation of a new file system, a separate package 
generated by encrypting, using the issuer key of the first 
service provider, a data block containing a separate element 
package generated by encrypting an issuer key of the second 
service provider using the separating authority key and 
information on the new file system; 

decrypting the received separate package using the 
issuer key of the first service provider and retrieving the 
separate element package and the information on the new file 
system; and 
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decrypting the separate element package using the 
separating authority key, retrieving the issuer key of the 
second service provider, separating a free area of the 
memory space in accordance with the information on the new 
file system, and allocating the separated memory area to a 
second file system holding the issuer key of the second 
service provider. 

8. The method for managing a memory of a data 
communication apparatus according to Claim 7, wherein each 
of the file systems in the memory space has area 
identification information, and wherein an external access 
includes the area identification information on a file 
system to be accessed and a package encrypted using the 
issuer key of the file system in the form of arguments, and 
wherein the method further comprises the steps of receiving 
an external access request to the file system having area 
identification information and a package as arguments of the 
external access request, delivering the package to the 
corresponding file system on the basis of the area 
identification information, and decrypting the package using 
the issuer key of the file system by the file system. 

9 . The method for managing a memory of a data 
communication apparatus according to Claim 8, wherein each 
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of the allocated file systems in the memory space has a 
system code, and wherein the method further comprises the 
steps of setting the system code of the file system together 
with the issuer code and the area identification information 
when separating a new file system in response to the 
reception of the separate package. 

10. The method for managing a memory of a data 
communication apparatus according to Claim 9, further 
comprising : 

issuing, from the service provider, a request for 
acquiring area identification information using the system 
code of the service provider as an argument of the request 
after acquiring the file system; and 

performing polling on each of the file systems on the 
basis of the system code in the request to acquire the area 
identification information from the corresponding file 
system and returning the acquired area identification 
information to the requester. 

11. The method for managing a memory of a data 
communication apparatus according to Claim 9, further 
comprising the steps of issuing, from the second service 
provider, a request for rewriting the issuer key and the 
system code set in the second file system at the separating 
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time after the second service provider has acquired the file 
system of the second service provider in the memory space 
and rewriting the issuer key and the system code set in the 
second file system at the separating time in response to the 
rewriting request . 

12 . The method for managing a memory of a data 
communication apparatus according to Claim 7, wherein each 
of the file systems in the memory space has area 
identification information, and wherein the method further 
comprises the steps of receiving, from the service provider, 
an access request including the area identification 
information and a package of an access request to the file 
system of the service provider encrypted using the issuer 
key of the service provider in the form of arguments of the 
access request after the service provider has acquired the 
file system, and delivering the package to the corresponding 
file system on the basis of the area identification 
information contained in the arguments of the access request 
from the service provider. 



